Imperva: Protecting the Data that Drives Business

Insider Threat

Insiders pose a significant risk to data security. Recent incidents have shown that unauthorized insider access can result in fraudulent activity and data leakage. Since insiders are granted access to networks, applications and data systems in order to perform their daily duties, it is not easy to restrict their access.

To mitigate the risk posed by insiders, it is necessary to restrict users' access to sensitive data on a business need-to-know basis, closely monitor user access to such data, and reduce exposure to software vulnerabilities.

Alert, Block and Investigate Suspicious Activity

Identify abnormal behavior that may indicate fraudulent activity and malicious attacks. Real-time alerts on suspicious activities enable follow-up action. Automatic blocking is an effective way to stop insider attacks and fraudulent activity. Audit reports and analytical tools are needed to support forensic investigations.

Monitor Sensitive Data Usage by all Users

Users allowed access to sensitive data should be monitored. This applies to privileged as well as non-privileged users. Monitor all paths used for data access including application access, network access and direct access. Identify the specific user behind each data access request. The resulting audit trail is an essential component in addressing key regulatory requirements and supporting forensic investigations.

Identify, Mitigate Exposed Systems

Scan systems for known vulnerabilities and identify misconfigurations that expose data to risk. Identify missing patches and define how and when systems can be patched. Virtual Patching can provide a quick solution for exposed systems that cannot be fixed in a timely manner.

Discover Systems Containing Sensitive Data

Accurately mapping where sensitive data is located on database and file systems is the first step in mitigating the insider threat. Identify all systems hosting sensitive data, including unmanaged and “rogue” systems. Scan systems for well-known and custom sensitive data types to establish a baseline of systems in scope.

Enforce Separation of Duties and Eliminate Excessive Rights

Review user rights to verify that no single person can perform unauthorized fraudulent activity and conceal their tracks. Excessive rights that are not needed based on the user's job description should be revoked. Dormant user rights and accounts should be identified and removed to avoid exploit attempts.

Database Security

Product Name | Capabilities

SecureSphere Database Activity Monitoring and SecureSphere Database Firewall
  • Monitor and optionally block [1] unauthorized database activity
  • Alert on material variances of profiled user behavior
  • Investigate suspicious activity using audit analytics
  • Prevent sensitive data leaks from databases

SecureSphere Discovery and Assessment Server
  • Automate data discovery and classification
  • Assess databases for vulnerabilities
  • Prioritize security risks

User Rights Management for Databases
  • Aggregate access rights across databases
  • Remove excessive rights and dormant users

File Security

Product Name | Capabilities

SecureSphere File Activity Monitoring
  • Monitor and optionally block [2] unauthorized file activity
  • Alert on material variances of profiled user behavior
  • Prevent sensitive file data leaks

User Rights Management for Files
  • Aggregate access rights across file servers
  • Remove excessive rights and dormant users

[1] Blocking access to sensitive data in databases requires SecureSphere Database Firewall
[2] Blocking access to sensitive data in databases requires SecureSphere File Firewall



Customer Quote
Security is not just the perimeter; layered defenses must be inside of the network and on the applications and databases if we really want to protect information. We haven't done nearly enough to protect applications and databases…and the magnitude of losses around insider threats are underreported.

William (Bill) Crowell
Former Deputy Director, NSA